I have been working to set up a Soekris net5501 to act as a home router/server. My efforts are documented here to serve as an example for others attempting similar setup scenarios. Note that this guide is only intended to cover post-installation software setup and so should be applicable to nearly any hardware.

UNDER CONSTRUCTION; most of what you see here is incomplete.

Good luck with your challenge! If you notice any error please mail me, leave a ?comment, or fix it.

If you know of a better place in the wiki for this to go, please ?suggest it.

SixXS

Register with SixXS and request an tunnel and subnet. Choose your tunnel type carefully. I chose the less efficient AYIYA type because it will work behind masquerading.

Use aiccu to bring up the tunnel.

OPTIONAL: To avoid using your SixXS password in plaintext in the aiccu configuration file, add a TIC Password for the tunnel, then use "$HANDLE/$TUNNELID" as your username and the password you chose in the configuration.

dnsmasq

dnsmasq.conf:

interface=br0
dhcp-range=private,192.0.2.51,192.0.2.250,48h
interface=wlan0_0
dhcp-range=public,192.0.3.51,192.0.3.250,48h
domain-needed
bogus-priv
# Set the NTP time server address to be the same machine as
# is running dnsmasq
dhcp-option=42,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down.
dhcp-option=vendor:MSFT,2,1i
# Set the limit on DHCP leases, the default is 150
## here, raised to the maximum number of hosts on networks
dhcp-lease-max=506
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slighest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
#dhcp-authoritative

Firewall

Firewall shell scripts are slow (see http://www.faqs.org/docs/iptables/saveandrestore.html ), and scripts for iptables-restore/ip6tables-restore must be maintained individually. In order to keep performance, use a single script, and gain readability for easy maintenance, I wrote a script that creates iptables-restore and ip6tables-restore scripts.

I am considering switching from a custom script to ferm which would also be fast and use a single configuration file, but also be more readable and standard than this script.